Commit 6ab11353 authored by Volker Dobler's avatar Volker Dobler Committed by Nigel Tao

exp/cookiejar: store cookies under TLD+1 on nil public suffix list

The current implementation would store all cookies received from
any .com domain under "com" in the entries map if a nil public
suffix list is used in constructing the Jar. This is inefficient.

This CL uses the TLD+1 of the domain if the public suffix list
is nil which has two advantages:
 - It uses the entries map efficiently.
 - It prevents a host foo.com to set cookies for bar.com.
   (It may set the cookie, but it won't be returned to bar.com.)
A domain like www.british-library.uk may still set a domain
cookie for .british-library.uk in this case.

The behavior for a non-nil public suffix list is unchanged, cookies
are stored under eTLD+1 in this case.

R=nigeltao
CC=golang-dev
https://golang.org/cl/7312105
parent 68ff170e
...@@ -48,8 +48,8 @@ type Options struct { ...@@ -48,8 +48,8 @@ type Options struct {
// an HTTP server can set a cookie for a domain. // an HTTP server can set a cookie for a domain.
// //
// A nil value is valid and may be useful for testing but it is not // A nil value is valid and may be useful for testing but it is not
// secure: it means that the HTTP server for foo.com can set a cookie // secure: it means that the HTTP server for foo.co.uk can set a cookie
// for bar.com. // for bar.co.uk.
PublicSuffixList PublicSuffixList PublicSuffixList PublicSuffixList
} }
...@@ -333,19 +333,24 @@ func jarKey(host string, psl PublicSuffixList) string { ...@@ -333,19 +333,24 @@ func jarKey(host string, psl PublicSuffixList) string {
if isIP(host) { if isIP(host) {
return host return host
} }
var i int
if psl == nil { if psl == nil {
// Key cookies under TLD of host. i = strings.LastIndex(host, ".")
return host[1+strings.LastIndex(host, "."):] if i == -1 {
} return host
suffix := psl.PublicSuffix(host) }
if suffix == host { } else {
return host suffix := psl.PublicSuffix(host)
} if suffix == host {
i := len(host) - len(suffix) return host
if i <= 0 || host[i-1] != '.' { }
// The provided public suffix list psl is broken. i = len(host) - len(suffix)
// Storing cookies under host is a safe stopgap. if i <= 0 || host[i-1] != '.' {
return host // The provided public suffix list psl is broken.
// Storing cookies under host is a safe stopgap.
return host
}
} }
prevDot := strings.LastIndex(host[:i-1], ".") prevDot := strings.LastIndex(host[:i-1], ".")
return host[prevDot+1:] return host[prevDot+1:]
......
...@@ -99,10 +99,25 @@ func TestJarKey(t *testing.T) { ...@@ -99,10 +99,25 @@ func TestJarKey(t *testing.T) {
t.Errorf("%q: got %q, want %q", host, got, want) t.Errorf("%q: got %q, want %q", host, got, want)
} }
} }
}
for _, host := range []string{"www.example.com", "example.com", "com"} { var jarKeyNilPSLTests = map[string]string{
if got := jarKey(host, nil); got != "com" { "foo.www.example.com": "example.com",
t.Errorf(`%q: got %q, want "com"`, host, got) "www.example.com": "example.com",
"example.com": "example.com",
"com": "com",
"foo.www.bbc.co.uk": "co.uk",
"www.bbc.co.uk": "co.uk",
"bbc.co.uk": "co.uk",
"co.uk": "co.uk",
"uk": "uk",
"192.168.0.5": "192.168.0.5",
}
func TestJarKeyNilPSL(t *testing.T) {
for host, want := range jarKeyNilPSLTests {
if got := jarKey(host, nil); got != want {
t.Errorf("%q: got %q, want %q", host, got, want)
} }
} }
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment